IT IS CLAIMED 

1. A method for implementing redundancy of stateful network address
translation information in at least one network device of a data network, the method
comprising:

receiving, at a first network device, a first packet from a source device, said first
packet including a header portion comprising address information relating to a source
device and a destination device associated with the first packet;

generating a first network address translation (NAT) entry relating to the source
device of the first packet, wherein the source device is associated with a globally unique
network address;

storing the first NAT entry in a first NAT data structure residing at the first
network device;

generating a first network address translation (NAT) transaction message which
includes information relating to updates or modifications performed on the first NAT data
structure; and

transmitting the first NAT transaction message to at least one other network device
to thereby cause the at least one other network device to update a respective NAT data
structure associated with the at least one other network device using information from said
first NAT transaction message.

2. The method of claim 1 wherein the first NAT entry includes a NAT ID field 
relating to an identity of a specific network device which is responsible for controlling 
modification of that particular NAT entry. 

3. The method of claim 2 further comprising consulting the NAT ID field
corresponding to a particular NAT entry in the first NAT data structure to determine
whether modification of the particular NAT entry may be performed.

4. The method of claim 3 further comprising allowing the first network device
to modify the particular NAT entry in response to a determination that the NAT ID field of
the particular NAT entry corresponds to said first network device.

5. The method of claim 3 further comprising preventing the first network
device from modifying the particular NAT entry in response to a determination that the
NAT ID field of the particular NAT entry does not correspond to said first network device.

6. The method of claim 2 wherein the NAT transaction message comprises
information relating to:

an identifier of the at least one other network device; and

instructions for causing the at least one other network device to modify its
respective NAT data structure to include a NAT entry comprising information that is
substantially identical to the information contained in the first NAT entry.

7. The method of claim 1 wherein the first network device is a router.

8. The method of claim 6 further comprising:

receiving said first NAT transaction message at the at least one other network
device; and

modifying a second NAT data structure residing on the at least one other network
device in accordance with instructions provided in said first NAT transaction message.

9. The method of claim 8 wherein said modifying includes creating a new 
NAT entry in the second data structure comprising information that is substantially 
identical to the information contained in said first NAT entry. 

10. The method of claim 1 wherein the first network device is configured as a
primary traffic handling device of a primary-backup redundancy group, and wherein the at
least one other network device is configured as a backup traffic handling device of the
primary-backup redundancy group.

11. The method of claim 1 wherein the first network device is configured as an
active traffic handling device of an active-standby redundancy group, and wherein the at
least one other network device is configured as a standby traffic handling device of the
active-standby redundancy group.

12. The method of claim 1 wherein the first network device is configured as a
first peer traffic handling device of a peer-peer redundancy group, and wherein the at least
one other network device is configured as a second peer traffic handling device of the
peer-peer redundancy group.

13. A method for synchronizing network address translation (NAT) information
stored on different network devices that have been configured to implement a network
address translation protocol, each of said network devices including a respective NAT data
structure configured to store said NAT information, the method comprising:

creating, in a first NAT data structure of a first network device, a first network
address translation (NAT) entry relating to a network node engaged in a communication
session, said first NAT entry including information relating to a local network address of
the network node and a dynamically assigned global network address of the network node;

generating a first network address translation (NAT) transaction message which
includes information relating to updates or modifications performed on the first NAT data
structure; and

transmitting the first NAT transaction message to at least one other network device
to thereby cause the at least one other network device to update a respective NAT data
structure associated with the at least one other network device using information from said
first NAT transaction message.

14. The method of claim 13 wherein the first NAT entry includes a NAT ID
field relating to an identity of a specific network device which is responsible for
controlling modification of the first NAT entry.

15. The method of claim 14 wherein the NAT transaction message comprises
information relating to:

an identifier of the at least one other network device; and

instructions for causing the at least one other network device to modify its
respective NAT data structure by creating a second NAT entry comprising information that
is substantially identical to the information included in the first NAT entry.

16. The method of claim 15 wherein the second NAT entry includes a
corresponding NAT ID field which specifies an identity of the first network device.

17. The method of claim 15 further comprising:

receiving said first NAT transaction message at the at least one other network
device; and

modifying a second NAT data structure residing on the at least one other network
device in accordance with instructions provided in said first NAT transaction message.

18. The method of claim 17 wherein said modifying includes creating a new
NAT entry in the second data structure comprising information that is substantially
identical to the information contained in said first NAT entry.

19. The method of claim 15 further comprising:

receiving said first NAT transaction message at the at least one other network
device; and

modifying, using information from said first NAT transaction message, a second
NAT data structure residing on the at least one other network device by creating a second
NAT entry in the second data structure, said second NAT entry comprising information
that is substantially identical to the information included in said first NAT entry.

20. The method of claim 19 further comprising consulting a NAT ID field 
corresponding to a particular NAT entry in the second NAT data structure to determine 
whether modification of the particular NAT entry may be performed. 

21. The method of claim 20 further comprising allowing the at least one other
network device to modify the particular NAT entry in response to a determination that the
NAT ID field of the particular NAT entry corresponds to said at least one other network
device.

22. The method of claim 20 further comprising preventing the at least one other
network device from modifying the particular NAT entry in response to a determination
that the NAT ID field of the particular NAT entry does not correspond to said at least one
other network device.

23. The method of claim 13 wherein the first network device is configured as a
primary traffic handling device of a primary-backup redundancy group, and wherein the at
least one other network device is configured as a backup traffic handling device of the
primary-backup redundancy group.

24. The method of claim 13 wherein the first network device is configured as
an active traffic handling device of an active-standby redundancy group, and wherein the
at least one other network device is configured as a standby traffic handling device of the
active-standby redundancy group.

25. The method of claim 13 wherein the first network device is configured as
a first peer traffic handling device of a peer-peer redundancy group, and wherein the at
least one other network device is configured as a second peer traffic handling device of the
peer-peer redundancy group.

26. A method for synchronizing network address translation (NAT) information
stored on different network devices that have been configured to implement a network
address translation protocol, each of said network devices including a respective NAT data
structure configured to store said NAT information, said NAT information including at
least one NAT entry relating to a network node engaged in a communication session with
at least one other network node, the method comprising:

modifying at least one NAT entry in a first NAT data structure associated with a
first NAT network device;

generating a first network address translation (NAT) transaction message which
includes information relating to the modifications performed on the first NAT data structure;
and

transmitting the first NAT transaction message to at least one other NAT network
device to thereby cause the at least one other NAT network device to modify a respective
NAT data structure associated with the at least one other NAT network device using
information from said first NAT transaction message.

27. The method of claim 26 wherein the NAT transaction message includes 
information relating to an addition of a new NAT entry to the first NAT data structure. 

28. The method of claim 26 wherein the NAT transaction message includes 
information relating to a deletion of a NAT entry from the first NAT data structure. 

29. The method of claim 26 wherein the NAT transaction message includes 
information relating to a modification of an existing NAT entry in the first NAT data 
structure. 

30. A computer program product comprising a computer readable medium, the 
computer readable medium comprising computer code for implementing the method of 
claim 26. 

31. A method for synchronizing network address translation (NAT) information 
stored on different network devices that have been configured to implement a network 
address translation protocol, each of said network devices including a respective NAT data 
structure configured to store said NAT information, the method comprising: 

receiving, at a first network device, a first NAT transaction message which 
includes updated network address translation (NAT) information generated by a second 
network device, the updated NAT information including information relating to 
modifications to be performed on NAT information stored in a first NAT data structure on 
the first network device; and

modifying the first NAT data structure using information from said first NAT
transaction message to thereby achieve synchronization of NAT information stored on the
first and second network devices.

32. The method of claim 31 wherein the NAT transaction message includes
instructions to add a new NAT entry to the first NAT data structure.

33. The method of claim 31 wherein the NAT transaction message includes
instructions to delete a specific NAT entry stored in the first NAT data structure.

34. The method of claim 31 wherein the NAT transaction message includes
instructions to modify an existing NAT entry in the first NAT data structure.

35. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising:

at least one processor;

at least one interface configured or designed to provide a communication link to at
least one other network device in the data network; and

memory;

said at least one processor being configured to store in said memory a plurality of
data structures, including:

a first network address translation (NAT) data structure configured to store
information relating to address translations corresponding to selected network nodes in the
network; and

a NAT transaction data structure configured to store transactional information
relating to updates or modifications performed on the first NAT data structure;

said network device being configured to transmit at least a portion of said NAT
transactional information to said at least one other network device to thereby cause the at
least one other NAT network device to modify a respective NAT data structure associated
with the at least one other NAT network device using the NAT transaction information.

36. The device of claim 35:
wherein the network device is further configured or designed to receive NAT
transactional information from said at least one other device, said received NAT 
transactional information including information relating to updates or modifications 
performed on said respective NAT data structure associated with the at least one other 
network device; and 

wherein the network device is further configured or designed to update or modify 
said first NAT data structure using data from said received NAT transactional information 
to thereby achieve redundancy of NAT information stored on the first network device and 
the at least one other network device. 

37. The device of claim 35 wherein the network device is configured as a 
primary traffic handling device of a primary-backup redundancy group, and wherein the at 
least one other network device is configured as a backup traffic handling device of the 
primary-backup redundancy group. 

38. The device of claim 35 wherein the network device is configured as an 
active traffic handling device of an active-standby redundancy group, and wherein the at 
least one other network device is configured as a standby traffic handling device of the 
active-standby redundancy group.

39. The device of claim 36 wherein the network device is configured as a first
peer traffic handling device of a peer-peer redundancy group, and wherein the at least one 
other network device is configured as a second peer traffic handling device of the peer- 
peer redundancy group. 

40. The device of claim 36 wherein the network device is configured as a 
traffic handling device and further comprises a routing table. 

41. A network device configured to implement redundancy of stateful network 
address translation information in a data network, the network device comprising: 

at least one processor;

at least one interface configured or designed to provide a communication link to a
second network device in the data network; and
memory; 

said at least one processor being configured to store in said memory a plurality of 
data structures, including: 

a first network address translation (NAT) data structure configured to store 
information relating to address translations corresponding to selected network nodes in the 
network; and 

a NAT transaction data structure configured to store transactional 
information relating to updates or modifications performed on the first NAT data structure; 

wherein the network device is configured or designed to receive NAT transactional 
information from said second network device, said received NAT transactional
information including information relating to updates or modifications of NAT 
information associated with a second NAT data structure corresponding to the second 
network device; and 

wherein the network device is further configured or designed to update or modify 
said first NAT data structure using data from said received NAT transactional information 
to thereby achieve redundancy of NAT information stored on the first and second network 
devices. 

42. A system for synchronizing network address translation information stored 
on different network devices in a data network, the system comprising: 

a first network device configured to implement a network address translation 
protocol, the first network device comprising: 

at least one first processor; and 

first memory; 

wherein said at least one first processor is configured to store in said first memory 
a first plurality of data structures, including: 

a first network address translation (NAT) data structure configured to store 
information relating to address translations corresponding to selected network nodes in the 
network; and

a first NAT transaction data structure configured to store transactional
information relating to updates or modifications performed on the first NAT data structure;

said first network device being configured to transmit at least a portion of said
NAT transactional information to at least one other network device; and

a second network device configured to implement a network address translation
protocol, the second network device comprising:

at least one second processor; and

second memory;

wherein said at least one first processor is configured to store in said second
memory a second plurality of data structures, including:

a second network address translation (NAT) data structure configured to
store information relating to address translations corresponding to selected network nodes
in the network; and

a second NAT transaction data structure configured to store transactional
information relating to updates or modifications performed on the second NAT data
structure;

said second network device being configured or designed to receive NAT
transactional information from said first device, and update or modify said second NAT
data structure using data from the NAT transactional information received from the first
device.

43. The device of claim 42 wherein the first network device is configured as a
primary traffic handling device of a primary-backup redundancy group, and wherein the
second network device is configured as a backup traffic handling device of the
primary-backup redundancy group.

44. The device of claim 42 wherein the first network device is configured as an
active traffic handling device of an active-standby redundancy group, and wherein the
second network device is configured as a standby traffic handling device of the
active-standby redundancy group.

45. The device of claim 42 wherein the first network device is configured as a
first peer traffic handling device of a peer-peer redundancy group, and wherein the second
network device is configured as a second peer traffic handling device of the peer-peer
redundancy group.

46. A computer program product for synchronizing network address translation 
(NAT) information stored on different network devices that have been configured to 
implement a network address translation protocol, each of said network devices including 
a respective NAT data structure configured to store said NAT information, the computer 
program product comprising: 

a computer readable medium, the computer readable medium
comprising: 

computer code for creating, in a first NAT data structure of a first network device, 
a first network address translation (NAT) entry relating to a network node engaged in a 
communication session, said first NAT entry including information relating to a local 
network address of the network node and a dynamically assigned global network address 
of the network node; 

computer code for generating a first network address translation (NAT) transaction 
message which includes information relating to updates or modifications performed on the 
first NAT data structure; and 

computer code for transmitting the first NAT transaction message to at least one 
other network device to thereby cause the at least one other network device to update a 
respective NAT data structure associated with the at least one other network device using 
information from said first NAT transaction message. 

47. The computer program product of claim 46 further comprising:

computer code for receiving a second NAT transaction message from the at least
one other network device; and

computer code for modifying the first NAT data structure in accordance with
instructions provided in said second NAT transaction message.

48. A computer program product for synchronizing network address translation
(NAT) information stored on different network devices that have been configured to
implement a network address translation protocol, each of said network devices including
a respective NAT data structure configured to store said NAT information, the computer
program product comprising:

a computer readable medium, the computer readable medium
comprising:

computer code for receiving, at a first network device, a first NAT transaction
message which includes updated network address translation (NAT) information generated
by a second network device, the updated NAT information including information relating
to modifications to be performed on NAT information stored in a first NAT data structure
on the first network device; and

computer code for modifying the first NAT data structure using information from
said first NAT transaction message to thereby achieve synchronization of NAT
information stored on the first and second network devices.

49. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising:

means for creating, in a first NAT data structure of a first network device, a first
network address translation (NAT) entry relating to a network node engaged in a
communication session, said first NAT entry including information relating to a local
network address of the network node and a dynamically assigned global network address
of the network node;

means for generating a first network address translation (NAT) transaction message
which includes information relating to updates or modifications performed on the first
NAT data structure; and

means for transmitting the first NAT transaction message to at least one other
network device to thereby cause the at least one other network device to update a
respective NAT data structure associated with the at least one network device using
information from said first NAT transaction message.

50. A network device configured to implement redundancy of stateful network
address translation information in a data network, the network device comprising: 

means for receiving, at a first network device, a first NAT transaction message 
which includes updated network address translation (NAT) information generated by a 
second network device, the updated NAT information corresponding to updated NAT 
information stored on the second network device, the updated NAT information including 
information relating to modifications to be performed on NAT information stored in a first 
NAT data structure on the first network device; and 

modifying the first NAT data structure using information from said first NAT 
transaction message to thereby achieve redundancy of NAT information stored on the first 
and second network devices. 
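
An illustration of the NAT ID ownership check (claims 2-5 and 20-22) and of the add, modify and delete transaction messages (claims 27-29 and 32-34), added here as an example and not part of the patent text or of any vendor implementation. The class, field and message names are hypothetical, the addresses are constructed, and the receiver-side check that an update comes from the entry's owner is an added assumption.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class NatEntry:
    local_addr: str    # local network address of the node
    global_addr: str   # dynamically assigned global network address
    nat_id: str        # device responsible for controlling modification

@dataclass(eq=False)
class NatDevice:
    device_id: str
    table: dict = field(default_factory=dict)  # NAT data structure, keyed by local_addr
    peers: list = field(default_factory=list)  # other devices in the redundancy group
    sent: list = field(default_factory=list)   # NAT transaction data structure

    def _may_modify(self, local_addr):
        # Consult the NAT ID field: only the owning device may change an entry.
        entry = self.table.get(local_addr)
        return entry is None or entry.nat_id == self.device_id

    def _publish(self, op, entry):
        # One transaction message per peer, carrying the peer's identifier.
        for peer in self.peers:
            msg = {"op": op, "target": peer.device_id,
                   "sender": self.device_id, "entry": entry}
            self.sent.append(msg)
            peer.receive(msg)

    def add(self, local_addr, global_addr):
        if not self._may_modify(local_addr):
            return False
        entry = NatEntry(local_addr, global_addr, self.device_id)
        self.table[local_addr] = entry
        self._publish("add", entry)
        return True

    def modify(self, local_addr, global_addr):
        if local_addr not in self.table or not self._may_modify(local_addr):
            return False
        entry = replace(self.table[local_addr], global_addr=global_addr)
        self.table[local_addr] = entry
        self._publish("modify", entry)
        return True

    def delete(self, local_addr):
        if local_addr not in self.table or not self._may_modify(local_addr):
            return False
        self._publish("delete", self.table.pop(local_addr))
        return True

    def receive(self, msg):
        if msg["target"] != self.device_id:
            return False
        entry, current = msg["entry"], self.table.get(msg["entry"].local_addr)
        # Assumption (not stated in the claims): accept an update only when the
        # sender is the owner named in the entry and in any existing copy.
        if entry.nat_id != msg["sender"]:
            return False
        if current is not None and current.nat_id != msg["sender"]:
            return False
        if msg["op"] == "delete":
            self.table.pop(entry.local_addr, None)
        elif msg["op"] in ("add", "modify"):
            self.table[entry.local_addr] = entry  # mirrored copy keeps owner's NAT ID
        else:
            return False
        return True

def demo():
    primary, backup = NatDevice("R1"), NatDevice("R2")
    primary.peers.append(backup)
    backup.peers.append(primary)
    primary.add("10.0.0.5", "203.0.113.10")            # constructed addresses
    mirrored = backup.table["10.0.0.5"]
    blocked = backup.modify("10.0.0.5", "203.0.113.99")  # R2 is not the owner
    primary.modify("10.0.0.5", "203.0.113.11")
    after_modify = backup.table["10.0.0.5"].global_addr
    primary.delete("10.0.0.5")
    return mirrored, blocked, after_modify, "10.0.0.5" in backup.table
```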